#40: Enforcing the code of conduct
-------------------+---------------------------------
Reporter: duffy | Owner:
Status: new | Priority: normal
Component: Legal | Keywords: coc, code of conduct
-------------------+---------------------------------
See this post from the outreach-list regarding the actual enforcement of
the code of conduct as currently written:
https://lists.fedoraproject.org/pipermail/outreach/2015-July/000067.html
Langdon asked that this be made a ticket for council discussion, with the
concern that an unenforceable / consequence without an SOP is a threat and
isn't the right way to go:
https://lists.fedoraproject.org/pipermail/outreach/2015-August/000073.html
For reference, the actual text is:
"FUDCon brings together contributors and users from all over the world and
this diversity is one of our greatest strengths. This diversity however
can also lead to communication issues and unhappiness. Attendees are
required to be considerate and respectful of each other. This includes,
but is not limited to:
- "Refraining from rude behaviour
- "Refraining from any sort of harassment or discrimination (based on
ethnic background, religion, gender, sexuality, body shape, disability,
geographic location, sports team, preferred operating system or anything
else)
- "Obeying local laws
"Attendees who are in violation of this policy may be subject to removal
and banning from FUDCon (and future Fedora events). Whether an attendee is
in violation is at the sole discretion of the conference organizers.
Anyone with a possible concern relating to the code of conduct is
encouraged to either email Rupali Talwatkar or talk directly to one of the
designated FUDCon volunteers. Designated FUDCon volunteers will have a
dark blue coloured VOLUNTEER badge."
The line of particular concern here is:
"Attendees who are in violation of this policy may be subject to removal
and
banning from FUDCon (and future Fedora events)."
--
Ticket URL: <https://fedorahosted.org/council/ticket/40>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#53: privacy policy should be updated to describe the privacy of Fedora
installations, not participation in Fedora events
---------------------+-------------------
Reporter: zbyszek | Owner:
Status: new | Priority: normal
Component: General | Keywords:
---------------------+-------------------
== How the privacy policy is specified ==
/usr/lib/os-release contains
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy.
PRIVACY_POLICY_URL is documented to "refer to the main privacy policy page
for the operati[ng] system" [1]. This line was added to allow Gnome to
display a link to the privacy policy without hardcoding the text or URL.
It is currently shown by gnome-initial-setup [2].
[1] https://www.freedesktop.org/software/systemd/man/os-
release.html#HOME_URL=
[2] https://in.waw.pl/~zbyszek/fedora/gnome-i-s-privacy-policy-
screenshot.png
== Recent attempts at updating ==
There have been two drafts that I'm aware of:
- https://fedoraproject.org/wiki/User:Pfrields/PrivacyPolicyRedux
discussed at [3]
- https://fedoraproject.org/wiki/User:Spot/PrivacyPolicyProposal discussed
at [4]
[3]
https://lists.fedoraproject.org/pipermail/desktop/2015-March/011700.html
[4] https://lists.fedoraproject.org/pipermail/council-
discuss/2015-September/013633.html
Neither of those significantly address issues that have been raised in
response to both proposals.
== What is wrong with current policy ==
[This part is subjective of course, please read it as prefixed with "IMO"
everywhere]
As stated in $subject, it's a policy for a different purpose. The privacy
policy used as "the privacy policy for the OS" should primarily and
prominently describe what information is collected (or otherwise made
public) when Fedora is installed, when a user account on the Fedora
machine is created, and in normal use of Fedora.
Crafting a clear and simple policy will make a good impression that Fedora
Project cares about it's users privacy, and is safe to use in situations
where preserving personal information is important.
A general problem is that existing policy and proposed draft do not make a
clear distinction between a) installing Fedora and downloading updates, b)
creating accounts for Fedora development and using the bug tracker, c)
participating in Fedora conferences and such. Those three broad categories
have completely different privacy implications. Without being clear to
which of those the policy pertains means that the policy greatly
overstates the types of information being collected. In effect the policy
is much more relaxed (i.e. bad for the users) than it could be.
Specific issues raised:
Should there be mention of NetworkManager-config-connectivity-fedora? (ie,
checking http://fedoraproject.org/static/hotspot.txt for captive portal)
[5]
In the section about 'Cookies and other Browser information', it might be
useful to mention that the 'User Agent ID' of Browsers that are packaged
in Fedora is configured to identify the system as running Fedora. [6]
For example, the list in "Publicly Available Personal Information" really
isn't palatable. A better way of showing this might be to say: "the
information you give when creating your account will be public by default.
You can see what data is publicly visible <here> (link to the public page
for the user), modify your privacy settings <here>, and request deletion
of the account <here>" [7]
I also don't like the "Personal Information" vs. "Non-Personal
Information". It might be how a lawyer works, but just because it pertains
to a computer and not to a person doesn't make it less identifying. [7]
the privacy policy needs to refer to "user account" in such way that it'll
be clear that it's talking about accounts for contributors (FAS) and not a
user account on your system or an online account you add via GOA, to make
it clear Fedora doesn't scrape your name (or other identifying details)
from Google / Facebook accounts added via GOA, nor the "Full Name" field
of user accounts on your computer. [8]
> we may disclose personally identifiable information about you to third
parties
> in limited circumstances, including:
> ...
> - for research activities, including the production of statistical
reports (such
> aggregated information is used to describe our services and is not used
to
> contact the subjects of the report).
> ""
AFAIK, in Germany, it's the laws that any such "passing on personal
information" needs to be opt-in - "Opt-out" and "always-on" would be
unlawful. [10]
What procedures are being put in place so that EU residents (and hopefully
everyone) can contact Fedora or Red Hat to obtain/understand/verify/delete
their machine data, beyond obviously personal data?
[5] https://lists.fedoraproject.org/pipermail/council-
discuss/2015-September/013643.html
[6]
https://lists.fedoraproject.org/pipermail/desktop/2015-March/011703.html
[7]
https://lists.fedoraproject.org/pipermail/desktop/2015-March/011727.html
[8]
https://lists.fedoraproject.org/pipermail/desktop/2015-March/011729.html
[9] https://lists.fedoraproject.org/pipermail/council-
discuss/2015-September/013637.html
[10] https://lists.fedoraproject.org/pipermail/council-
discuss/2015-September/013637.html
[11] https://lists.fedoraproject.org/pipermail/council-
discuss/2015-September/013649.html
== tl; dr ==
The policy is too complicated, yet lacks detail and does not provide
strong guarantees.
Statements like "The Information We Collect ... your Fedora Account
password .. your SSH public key ... your affiliation" are not appropriate
for a page linked to from the "Privacy Policy" link displayed during
installation.
I hope the Council can help to push towards a better policy document.
Currently things seem to be stuck in minimal edits over the last year and
half. Maybe the document should be opened for public editing on a wiki
somewhere so that people can rearrange the text and take it further from
current form. If the Council accepted the general idea of providing strong
privacy guarantees things could move forward.
--
Ticket URL: <https://fedorahosted.org/council/ticket/53>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#43: Create the Fedora Public Budget Page
-------------------------+-------------------------------------------------
Reporter: decause | Owner: decause
Status: new | Priority: normal
Component: General | Keywords: budget, websites, FCL, transparency,
| community
-------------------------+-------------------------------------------------
As per the results of our council discussion here
(https://lists.fedoraproject.org/pipermail/council-
discuss/2015-October/013742.html) we are heretofore establishing a new
page (wiki or otherwise) that will track the timeline and particulars of
the Fedora Public Budget. It shall include:
Budgetary Components, Projected and Adjusted for each fiscal year:
- Regional Budget Allocations (APAC/EMEA/LATAM/NA)
- Fedora Premier Event Budgets (FLOCK, FUDCon)
- Central Discretionary Fund (approved by Council)
- FAD specific Budgets
Budgetary Milestones and Timelines:
- August: In person meeting at FLOCK
- September: Proposed budget components and metrics from each region
- October: Ratification of Proposed Budget by Council
- March: Confirmation of Received budget w/ Adjustment Meeting
- Quarterly Check-ins with Regional Treasurers
- Halfly approvals of Regional Funds, pending metrics and outcomes
reporting
If there are other details or resources that should be included on this
page, feel free to leave them in the comments below. I would propose that
this page eventually be made available at http://budget.fedoraproject.org
--
Ticket URL: <https://fedorahosted.org/council/ticket/43>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#16: Periodic contributor survey
---------------------+-------------------
Reporter: mattdm | Owner:
Status: new | Priority: normal
Component: General | Keywords:
---------------------+-------------------
This is a tracking ticket for establishing a process by which we get
regular feedback from the Fedora contributor base.
This is a companion to https://fedorahosted.org/council/ticket/1. The
desired goals, methodology, and basically everything else are really
different between users and contributors it will be better to track them
separately.
--
Ticket URL: <https://fedorahosted.org/council/ticket/16>
council <https://fedorahosted.org/council>
Fedora Project Board Public Tickets

#42: Schedule a FLOCK Budget Planning Session w/Council
-------------------------+-------------------------------------------------
Reporter: decause | Owner: decause
Status: new | Priority: minor
Component: Board Meta | Keywords: FLOCK, session, budget, council,
| fiscal,
-------------------------+-------------------------------------------------
As per our discussion about Budget Planning here,
(https://lists.fedoraproject.org/pipermail/council-
discuss/2015-October/013742.html) one conclusion we came to was that
Budget Planning for the next fiscal year would begin during August at
FLOCK with a high-bandwidth in person meeting, that continued on maillists
and IRC through September, and was delivered to the FCL in October, to be
presented to Red Hat via OSAS.
This ticket is a reminder that we need to schedule a session at FLOCK for
the high-bandwidth in person session.
--
Ticket URL: <https://fedorahosted.org/council/ticket/42>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#57: Seeking Council feedback/input on draft third party software policy
----------------------+------------------------
Reporter: pfrields | Owner:
Status: new | Priority: normal
Component: General | Keywords: workstation
----------------------+------------------------
The Workstation WG has been collaborating for some time on a third party
software policy that would make the widest possible range of software
available to Fedora users in a easily consumable format, while ensuring
users have all the information necessary to decide on the software they
install. A draft of the policy is available here:
https://fedoraproject.org/wiki/Workstation/Third_party_software_proposal
The WG has reached the point that it wants direct Council feedback,
questions, concerns, etc. before further action. We're not looking yet
for technical changes to the distribution, release mechanisms, etc.,
although we ''are'' happy to receive questions about that from the
Council. However, we're specifically looking for Council feedback on the
principles and practices in the policy to see that they align with what
the Council would like to see in Fedora's future.
The WG members would be happy to have a Council or Workstation WG meeting
dedicated to this topic if desired. I can help with scheduling that if
needed.
--
Ticket URL: <https://fedorahosted.org/council/ticket/57>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#50: Schedule a Flock Council Update & Town Hall for Krakow 2016
-------------------------+-------------------------------------------------
Reporter: decause | Owner: decause
Status: new | Priority: normal
Component: Board Meta | Keywords: Flock, Flock 2016, Council Update,
| council
-------------------------+-------------------------------------------------
This the is the traditional Flock session where members of the council
meet with community members and update folks on the status of Objectives,
as well as discuss issues and ideas for the future.
--
Ticket URL: <https://fedorahosted.org/council/ticket/50>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

#60: Firefox: Don't increase fingerprint by adding "Fedora" to user agent
-------------------------+------------------
Reporter: genodeftest | Owner:
Status: new | Priority: minor
Component: General | Keywords:
-------------------------+------------------
== phenomenon ==
Since release 35 of Firefox, Fedora is shipping it with a branded user
agent string. This increases the fingerprint, distinguishing it from all
other linux users. As a result, it is quite easy to track Fedora's firefox
users, which can be a violation of their privacy.
== background analysis ==
Firefox has a distinct user agent unlike any other firefox distribution.
== implementation recommendation ==
Drop [https://pkgs.fedoraproject.org/cgit/rpms/firefox.git/tree/firefox-
fedora-ua.patch ​firefox-fedora-ua.patch]. As a result, firefox'
fingerprint will be the mozilla-provided default.
==additional information==
I originally reported this as
[https://bugzilla.redhat.com/show_bug.cgi?id=1343698 bug #1343698] at
bugzilla. Martin Stransky told me to report it
[https://fedorahosted.org/fesco/ticket/1586#comment:3 at FESCo], where
sgallagh told me to report it here.
Additional info: The change for including "Fedora" in user agent string
was proposed in ​[https://bugzilla.redhat.com/show_bug.cgi?id=1190774 bug
#1190774] and rejected 4 years ago in
[https://bugzilla.redhat.com/show_bug.cgi?id=824717 ​bug #824717] for the
same reason I wrote above.
--
Ticket URL: <https://fedorahosted.org/council/ticket/60>
council <https://fedorahosted.org/council>
Fedora Council Public Tickets

Hi Council,
I will be on vacations from 2016-June-25 to 2016-July-06, so I will
miss the two upcoming meetings.
All the activities related to Fedora Elections as well as Change
process will be manage by Jaroslav Reznik during my absence.
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic